I use FF no script. The only scripts loading are
Google Analytics and some jquery.
On which location did you find the script?
It could be a secondary script, injecting it with every visit to the site. I am going to do a quick re-image to restore everything to it's default status, but I would like to determine
where the infection / hack is coming from. No need doing a whole re-image and you cannot identify the exploited site. It will just re-inject the script and continue as normal.
I have APP's in place to stop the payload, but it disables key features on some of the sites and cancel it's functionality.
![Angry](https://bitcointalk.org/Smileys/default/angry.gif)
... I guess it's back to VM.